While visiting my sister-in-law I found her son had used her computer several months ago and since then she has been plagued by [bleep] popups. I offered to do what I could to solve this problem.
My initial effort was to install Popup Stopper, which works most of the time. However, the popups still occur, although blocked, and I would like to prevent them altogether.
Also, after some review, I discovered the dialer, InstantAccess, was installed. It took considerable effort to delete the InstantAccess files but finally I deleted all of them. The problem now is that whenever I boot I get an error message: “The specific module could not be found.” I realize the register or something is calling for this file to load and I would like to eliminate that event too.
I still need to install Zone Alarm for her.
The computer being used is an old Dell Optiplex using Windows 2000 (which is current) and dial-up access. It has a 4 GB HD that is almost full. She will be receiving another used, but better, PC in about six months.
To reiterate, my two continuing concerns are:
1. Delete the [bleep] popups from occurring.
2. Delete the error message: “Error loading - egdaccess_1069.dll.”
I registered with geekstogo and followed the steps recommended.
I did not have the resources available to accomplish a complete backup.
Under Step 1 for Ad-Aware SE I could not find “Search for low risk threats.” Otherwise it worked fine.
Under Step 2 I could not get Trend Housecall to work. I also tried Panda Activescan and while I think it ran I could never find results?
Any help would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 9:16:25 AM, on 11/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\winnt\system32\nfpywgqce.exe
C:\Program Files\Socket Accelerator\PropelAC.exe
C:\program files\mailskinner\mailskinner.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Socket Accelerator\prpl_IePopupBlocker.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Socket Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [nfpywgqce] c:\winnt\system32\nfpywgqce.exe -start
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1069.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\agremind.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Socket Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Socket Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Socket Accelerator\pac-image.html
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:15:44 PM, 11/18/2005
+ Report-Checksum: B5A18305
+ Scan result:
[784] VM_019A4000 -> Spyware.NaviPromo : Error during cleaning
[952] VM_01194000 -> Spyware.NaviPromo : Error during cleaning
[956] VM_00CD4000 -> Spyware.NaviPromo : Error during cleaning
[1028] VM_00E94000 -> Spyware.NaviPromo : Error during cleaning
[1124] VM_01CD4000 -> Spyware.NaviPromo : Error during cleaning
C:\WINNT\system32\sysnetsvc32.dll -> Dialer.Generic : Cleaned with backup
::Report End